stream: move WHATWG byte-stream helpers to C++

lib/internal/webstreams/readablestream.js

@@ -93,9 +93,6 @@ const {
 } = require('internal/streams/utils');
 
 const {
-  ArrayBufferViewGetBuffer,
-  ArrayBufferViewGetByteLength,
-  ArrayBufferViewGetByteOffset,
   AsyncIterator,
   canCopyArrayBuffer,
   cloneAsUint8Array,
@@ -106,6 +103,7 @@ const {
   enqueueValueWithSize,
   extractHighWaterMark,
   extractSizeAlgorithm,
+  getArrayBufferView,
   getNonWritablePropertyDescriptor,
   isBrandCheck,
   kState,
@@ -688,8 +686,9 @@ class ReadableStreamBYOBRequest {
         'This BYOB request has been invalidated');
     }
 
-    const viewByteLength = ArrayBufferViewGetByteLength(view);
-    const viewBuffer = ArrayBufferViewGetBuffer(view);
+    const arrayBufferView = getArrayBufferView(view);
+    const viewBuffer = arrayBufferView[0];
+    const viewByteLength = arrayBufferView[2];
     const viewBufferByteLength = ArrayBufferPrototypeGetByteLength(viewBuffer);
 
     if (ArrayBufferPrototypeGetDetached(viewBuffer)) {
@@ -980,8 +979,9 @@ class ReadableStreamBYOBReader {
     }
     validateObject(options, 'options', kValidateObjectAllowObjectsAndNull);
 
-    const viewByteLength = ArrayBufferViewGetByteLength(view);
-    const viewBuffer = ArrayBufferViewGetBuffer(view);
+    const arrayBufferView = getArrayBufferView(view);
+    const viewBuffer = arrayBufferView[0];
+    const viewByteLength = arrayBufferView[2];
 
     if (isSharedArrayBuffer(viewBuffer)) {
       throw new ERR_INVALID_ARG_VALUE(
@@ -1198,8 +1198,9 @@ class ReadableByteStreamController {
     if (!isReadableByteStreamController(this))
       throw new ERR_INVALID_THIS('ReadableByteStreamController');
     validateBuffer(chunk);
-    const chunkByteLength = ArrayBufferViewGetByteLength(chunk);
-    const chunkBuffer = ArrayBufferViewGetBuffer(chunk);
+    const arrayBufferView = getArrayBufferView(chunk);
+    const chunkBuffer = arrayBufferView[0];
+    const chunkByteLength = arrayBufferView[2];
 
     if (isSharedArrayBuffer(chunkBuffer)) {
       throw new ERR_INVALID_ARG_VALUE(
@@ -2745,9 +2746,10 @@ function readableByteStreamControllerPullInto(
   assert(minimumFill >= elementSize && minimumFill <= view.byteLength);
   assert(minimumFill % elementSize === 0);
 
-  const buffer = ArrayBufferViewGetBuffer(view);
-  const byteOffset = ArrayBufferViewGetByteOffset(view);
-  const byteLength = ArrayBufferViewGetByteLength(view);
+  const arrayBufferView = getArrayBufferView(view);
+  const buffer = arrayBufferView[0];
+  const byteOffset = arrayBufferView[1];
+  const byteLength = arrayBufferView[2];
   const bufferByteLength = ArrayBufferPrototypeGetByteLength(buffer);
 
   let transferredBuffer;
@@ -2888,9 +2890,10 @@ function readableByteStreamControllerEnqueue(controller, chunk) {
     stream,
   } = controller[kState];
 
-  const buffer = ArrayBufferViewGetBuffer(chunk);
-  const byteOffset = ArrayBufferViewGetByteOffset(chunk);
-  const byteLength = ArrayBufferViewGetByteLength(chunk);
+  const arrayBufferView = getArrayBufferView(chunk);
+  const buffer = arrayBufferView[0];
+  const byteOffset = arrayBufferView[1];
+  const byteLength = arrayBufferView[2];
 
   if (closeRequested || stream[kState].state !== 'readable')
     return;
@@ -3183,9 +3186,10 @@ function readableByteStreamControllerRespondWithNewView(controller, view) {
   const desc = pendingPullIntos[0];
   assert(stream[kState].state !== 'errored');
 
-  const viewByteLength = ArrayBufferViewGetByteLength(view);
-  const viewByteOffset = ArrayBufferViewGetByteOffset(view);
-  const viewBuffer = ArrayBufferViewGetBuffer(view);
+  const arrayBufferView = getArrayBufferView(view);
+  const viewBuffer = arrayBufferView[0];
+  const viewByteOffset = arrayBufferView[1];
+  const viewByteLength = arrayBufferView[2];
   const viewBufferByteLength = ArrayBufferPrototypeGetByteLength(viewBuffer);
 
   if (stream[kState].state === 'closed') {

lib/internal/webstreams/util.js

@@ -1,19 +1,14 @@
 'use strict';
 
 const {
-  ArrayBufferPrototypeGetByteLength,
-  ArrayBufferPrototypeGetDetached,
-  ArrayBufferPrototypeSlice,
   ArrayPrototypePush,
   ArrayPrototypeShift,
   AsyncIteratorPrototype,
   MathMax,
   NumberIsNaN,
   PromisePrototypeThen,
   ReflectApply,
-  ReflectGet,
   Symbol,
-  Uint8Array,
 } = primordials;
 
 const {
@@ -27,16 +22,19 @@ const {
 } = internalBinding('buffer');
 
 const {
-  inspect,
-} = require('util');
-
-const {
+  canCopyArrayBuffer,
+  cloneAsUint8Array,
   constants: {
     kPending,
   },
+  getArrayBufferView,
   getPromiseDetails,
 } = internalBinding('util');
 
+const {
+  inspect,
+} = require('util');
+
 const assert = require('internal/assert');
 
 const {
@@ -87,38 +85,11 @@ function customInspect(depth, options, name, data) {
   return `${name} ${inspect(data, opts)}`;
 }
 
-// These are defensive to work around the possibility that
-// the buffer, byteLength, and byteOffset properties on
-// ArrayBuffer and ArrayBufferView's may have been tampered with.
-
-function ArrayBufferViewGetBuffer(view) {
-  return ReflectGet(view.constructor.prototype, 'buffer', view);
-}
-
-function ArrayBufferViewGetByteLength(view) {
-  return ReflectGet(view.constructor.prototype, 'byteLength', view);
-}
-
-function ArrayBufferViewGetByteOffset(view) {
-  return ReflectGet(view.constructor.prototype, 'byteOffset', view);
-}
-
-function cloneAsUint8Array(view) {
-  const buffer = ArrayBufferViewGetBuffer(view);
-  const byteOffset = ArrayBufferViewGetByteOffset(view);
-  const byteLength = ArrayBufferViewGetByteLength(view);
-  return new Uint8Array(
-    ArrayBufferPrototypeSlice(buffer, byteOffset, byteOffset + byteLength),
-  );
-}
-
-function canCopyArrayBuffer(toBuffer, toIndex, fromBuffer, fromIndex, count) {
-  return toBuffer !== fromBuffer &&
-    !ArrayBufferPrototypeGetDetached(toBuffer) &&
-    !ArrayBufferPrototypeGetDetached(fromBuffer) &&
-    toIndex + count <= ArrayBufferPrototypeGetByteLength(toBuffer) &&
-    fromIndex + count <= ArrayBufferPrototypeGetByteLength(fromBuffer);
-}
+// getArrayBufferView, canCopyArrayBuffer, and cloneAsUint8Array are
+// implemented in src/node_util.cc via direct V8 API calls. They are immune to
+// user tampering of typed-array prototypes (matching the defensive behavior of
+// the previous Reflect.get-based JS implementation) and faster on hot
+// byte-stream paths.
 
 function isBrandCheck(brand) {
   return (value) => {
@@ -206,9 +177,6 @@ function lazyTransfer() {
 }
 
 module.exports = {
-  ArrayBufferViewGetBuffer,
-  ArrayBufferViewGetByteLength,
-  ArrayBufferViewGetByteOffset,
   AsyncIterator,
   canCopyArrayBuffer,
   cloneAsUint8Array,
@@ -219,6 +187,7 @@ module.exports = {
   enqueueValueWithSize,
   extractHighWaterMark,
   extractSizeAlgorithm,
+  getArrayBufferView,
   getNonWritablePropertyDescriptor,
   isBrandCheck,
   isPromisePending,

src/node_buffer.cc

@@ -1480,11 +1480,12 @@ void CopyArrayBuffer(const FunctionCallbackInfo<Value>& args) {
   // args[3] == Source ArrayBuffer Offset
   // args[4] == bytesToCopy
 
+  Environment* env = Environment::GetCurrent(args);
   CHECK(args[0]->IsArrayBuffer() || args[0]->IsSharedArrayBuffer());
-  CHECK(args[1]->IsUint32());
+  CHECK(args[1]->IsNumber());
   CHECK(args[2]->IsArrayBuffer() || args[2]->IsSharedArrayBuffer());
-  CHECK(args[3]->IsUint32());
-  CHECK(args[4]->IsUint32());
+  CHECK(args[3]->IsNumber());
+  CHECK(args[4]->IsNumber());
 
   void* destination;
   size_t destination_byte_length;
@@ -1495,16 +1496,36 @@ void CopyArrayBuffer(const FunctionCallbackInfo<Value>& args) {
   size_t source_byte_length;
   std::tie(source, source_byte_length) = DecomposeBufferToParts(args[2]);
 
-  uint32_t destination_offset = args[1].As<Uint32>()->Value();
-  uint32_t source_offset = args[3].As<Uint32>()->Value();
-  size_t bytes_to_copy = args[4].As<Uint32>()->Value();
-
-  CHECK_GE(destination_byte_length - destination_offset, bytes_to_copy);
-  CHECK_GE(source_byte_length - source_offset, bytes_to_copy);
+  int64_t destination_offset;
+  int64_t source_offset;
+  int64_t bytes_to_copy;
+  if (!args[1]->IntegerValue(env->context()).To(&destination_offset) ||
+      !args[3]->IntegerValue(env->context()).To(&source_offset) ||
+      !args[4]->IntegerValue(env->context()).To(&bytes_to_copy)) {
+    return;
+  }
 
-  uint8_t* dest = static_cast<uint8_t*>(destination) + destination_offset;
-  uint8_t* src = static_cast<uint8_t*>(source) + source_offset;
-  memcpy(dest, src, bytes_to_copy);
+  CHECK_GE(destination_offset, 0);
+  CHECK_GE(source_offset, 0);
+  CHECK_GE(bytes_to_copy, 0);
+
+  const uint64_t destination_offset_u =
+      static_cast<uint64_t>(destination_offset);
+  const uint64_t source_offset_u = static_cast<uint64_t>(source_offset);
+  const uint64_t bytes_to_copy_u = static_cast<uint64_t>(bytes_to_copy);
+  const uint64_t destination_byte_length_u = destination_byte_length;
+  const uint64_t source_byte_length_u = source_byte_length;
+  CHECK_LE(destination_offset_u, destination_byte_length_u);
+  CHECK_LE(source_offset_u, source_byte_length_u);
+  CHECK_LE(bytes_to_copy_u, destination_byte_length_u - destination_offset_u);
+  CHECK_LE(bytes_to_copy_u, source_byte_length_u - source_offset_u);
+
+  const size_t destination_offset_s = static_cast<size_t>(destination_offset_u);
+  const size_t source_offset_s = static_cast<size_t>(source_offset_u);
+  const size_t bytes_to_copy_s = static_cast<size_t>(bytes_to_copy_u);
+  uint8_t* dest = static_cast<uint8_t*>(destination) + destination_offset_s;
+  uint8_t* src = static_cast<uint8_t*>(source) + source_offset_s;
+  memcpy(dest, src, bytes_to_copy_s);
 }
 
 // Converts a number parameter to size_t suitable for ArrayBuffer sizes